- Add exec hook "exec.created". This is called when the jail is

created and before exec.start is called.			[1]
- Bump __FreeBSD_version.

This allows ZFS datasets to be attached, and various other things to be
done, before any command/service/rc-script is started in the new
jail.

PR:			228066					[1]
Reviewed by:		jamie					[1]
Submitted by:		Stefan Grönke <stefan@gronke.net>	[1]
Differential Revision:	https://reviews.freebsd.org/D15330	[1]
Alexander Leidinger 2018-08-15 18:35:42 +00:00
parent dad19de0e6
commit f6c0e63bf7
6 changed files with 9 additions and 3 deletions


@ -60,7 +60,7 @@
* in the range 5 to 9.
*/
#undef __FreeBSD_version
#define __FreeBSD_version 1200077 /* Master, propagated to newvers */
#define __FreeBSD_version 1200078 /* Master, propagated to newvers */
/*
* __FreeBSD_kernel__ indicates that this system uses the kernel of FreeBSD,


@ -147,8 +147,8 @@ next_command(struct cfjail *j)
}
if (j->comstring == NULL || j->comstring->len == 0 ||
(create_failed && (comparam == IP_EXEC_PRESTART ||
comparam == IP_EXEC_START || comparam == IP_COMMAND ||
comparam == IP_EXEC_POSTSTART)))
comparam == IP_EXEC_CREATED || comparam == IP_EXEC_START ||
comparam == IP_COMMAND || comparam == IP_EXEC_POSTSTART)))
continue;
switch (run_command(j)) {
case -1:
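Review bot: The `create_failed` skip list in this condition is now five hand-written `comparam` comparisons with no comment saying what they have in common, so a later start hook can be added to the start sequence and forgotten here. Forgetting it would matter because these hooks run configured commands, and exec.created in particular is documented as running in the system environment, so it would be invoked on the host for a jail that was never created. A one-line comment above the condition would make the rule explicit, for example `/* After a failed create, skip the exec.* start hooks and the command. */`. That wording assumes `create_failed` means what its name suggests, since its assignment is outside the hunk. next_command's body starts and ends outside the hunk.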


@ -73,6 +73,7 @@ static const struct ipspec intparams[] = {
[IP_EXEC_POSTSTOP] = {"exec.poststop", PF_INTERNAL},
[IP_EXEC_PRESTART] = {"exec.prestart", PF_INTERNAL},
[IP_EXEC_PRESTOP] = {"exec.prestop", PF_INTERNAL},
[IP_EXEC_CREATED] = {"exec.created", PF_INTERNAL},
[IP_EXEC_START] = {"exec.start", PF_INTERNAL},
[IP_EXEC_STOP] = {"exec.stop", PF_INTERNAL},
[IP_EXEC_SYSTEM_JAIL_USER]= {"exec.system_jail_user",


@ -706,6 +706,9 @@ The pseudo-parameters are:
.Bl -tag -width indent
.It Va exec.prestart
Command(s) to run in the system environment before a jail is created.
.It Va exec.created
Command(s) to run in the system environment right after a jail has been
created, but before commands (or services) get executed in the jail.
.It Va exec.start
Command(s) to run in the jail environment when a jail is created.
A typical command to run is


@ -98,6 +98,7 @@ static const enum intparam startcommands[] = {
IP_MOUNT_PROCFS,
IP_EXEC_PRESTART,
IP__OP,
IP_EXEC_CREATED,
IP_VNET_INTERFACE,
IP_EXEC_START,
IP_COMMAND,
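Review bot: `IP_EXEC_CREATED` sits between `IP__OP` and `IP_VNET_INTERFACE` in `startcommands`, so, assuming the array order is the execution order, the hook runs before any vnet.interface handling, and a host-side script that expects the jail's interfaces to be in place will not find them. That ordering is not stated anywhere visible in the commit; the jail.8 text only says the hook runs before commands are executed in the jail. A comment on the entry would record it, for example `IP_EXEC_CREATED,	/* host-side hook; runs before vnet.interface is applied */`, and the man page entry could carry the same sentence. The array starts and ends outside the hunk.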


@ -88,6 +88,7 @@ enum intparam {
IP_EXEC_POSTSTOP, /* Commands run outside jail after removing */
IP_EXEC_PRESTART, /* Commands run outside jail before creating */
IP_EXEC_PRESTOP, /* Commands run outside jail before removing */
IP_EXEC_CREATED, /* Commands run outside jail right after it was started */
IP_EXEC_START, /* Commands run inside jail on creation */
IP_EXEC_STOP, /* Commands run inside jail on removal */
IP_EXEC_SYSTEM_JAIL_USER,/* Get jail_user from system passwd file */
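Review bot: The comment on `IP_EXEC_CREATED` says the commands run "right after it was started", while the commit message and the jail.8 entry both describe the hook as running right after the jail is created and before exec.start. The neighbouring comments use "creating" and "creation" for the same event, so "started" here reads as if the hook followed exec.start. Suggested wording: `IP_EXEC_CREATED,	/* Commands run outside jail right after creating */`. The enum continues outside the hunk.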